Banking Exchange Magazine Logo

Ransomware plague continues

CryptoWall enables $18 million in thefts over 14 months

Ransomware plague continues

The FBI’s Internet Crime Complaint Center—known as IC3—warns that a virulent form of ransomware, dubbed CryptoWall, continues to target U.S. individuals and businesses.

CryptoWall and variants have been used actively to target U.S. victims since April 2014. (See “Ransomware rising, FBI says”) The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

Commenting on the recent warning, KnowBe4’s CEO Stu Sjouwerman says: “CryptoWall 3.0 is the most advanced cryptoransom malware at the moment. The $18 million in losses is likely much more, as many companies do not report their infections to the FBI and the downtime caused by these infections is much higher.”

How CryptoWall attacks

These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims. The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device is infected with the ransomware variant, the victim’s files become encrypted and unavailable to the victim.

“Additional damage is caused when a workstation is infected and has a mapped drive to a shared file server,” says Sjouwerman. “At that point all the files are encrypted and a whole department is sitting on their hands. The impact to a business can be devastating.”

Sjouwerman noted that the current social engineering tactic is to attach a zip file that claims to be the resume of a girl. Opening the zip file shows a page that then downloads another zip file—which bypasses all antivirus software that may be installed on the local workstation.

In most cases, once the victim pays a ransom fee, access to the encrypted files is regained.

Most criminals involved in ransomware schemes demand payment in Bitcoin. Criminals prefer Bitcoin because it's easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

How to not be a victim

The FBI offers these tips to protect yourself:

Always use antivirus software and a firewall. Obtain and use antivirus software and firewalls from reputable companies. Continually maintain both of these through automatic updates.

Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, prevent them from appearing in the first place.

Always back up your computer’s content. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, simply have your system wiped clean and then reload your files.

Be skeptical. Don’t click on any emails or attachments you don't recognize, and avoid suspicious websites altogether. [See “You are the weakest link.”) Please use DanLINK to that article.

If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the internet to avoid any additional infections or data losses. Alert your local law enforcement personnel and file a complaint at

Sjouwerman adds: “This clearly shows the employee is the weak link in IT security and there is a dire need for effective security awareness training as the first line of defense in preventing ransomware infections with the potential to shut down a business.”

[Note: KnowBe4 LLC hosts an integrated security awareness training and simulated phishing platform.]

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top


About Us

Connect With Us


Webinar: Real-Time Payments in the U.S. Market

Time/Date: June 16, 2021 2:00 p.m. ET

The U.S. has come a long way in its journey to real-time payments, with TCH and Zelle in market and FedNow just around the corner. COVID-19 has accelerated that demand to move to real-time. Yet many financial institutions remain unconvinced of the need to move, with less than 3% of financial institutions signed up today.

In this Banking Exchange hosted webinar Celent’s Gareth Lodge, Senior Analyst, Global Payments, and Alacriti’s Mark Ranta, Payments Practice Lead, discuss the findings in the Celent research report, Real-Time Payments in the US Market: Speeding Up or Slowing Down? A Call to Arms.


This webinar is brought to you by:
Alacriti logo